security availability solutions for a resilient infrastructure in the financial services industry n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Ton Duc Long, MBA Country Sales Manager, Vietnam Territory Ton_duc_long@symantec PowerPoint Presentation
Download Presentation
Ton Duc Long, MBA Country Sales Manager, Vietnam Territory Ton_duc_long@symantec

Loading in 2 Seconds...

play fullscreen
1 / 30

Ton Duc Long, MBA Country Sales Manager, Vietnam Territory Ton_duc_long@symantec - PowerPoint PPT Presentation


  • 115 Views
  • Uploaded on

Security & Availability Solutions for a Resilient Infrastructure in the Financial Services Industry. Ton Duc Long, MBA Country Sales Manager, Vietnam Territory Ton_duc_long@symantec.com. A G E N D A. Information Integrity Business Challenges to Business Solutions.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Ton Duc Long, MBA Country Sales Manager, Vietnam Territory Ton_duc_long@symantec' - julian-anthony


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
security availability solutions for a resilient infrastructure in the financial services industry

Security & Availability Solutions for a Resilient Infrastructure in the Financial Services Industry

Ton Duc Long, MBA

Country Sales Manager, Vietnam Territory

Ton_duc_long@symantec.com

slide2

A G E N D A

  • Information Integrity
  • Business Challenges to Business Solutions
information integrity when information is at risk consequences are real
Information IntegrityWhen Information is at Risk, Consequences are Real

Security

Availability

information integrity symantec trusted to deliver information integrity

SQL

Information Security

Exchange

Oracle

Excel

InformationIntegrity

IM

Notes

DB2

Word

Information Availability

SAP

XML

Information IntegritySymantec : Trusted To Deliver Information Integrity
information integrity getting to information integrity

Proactively ProtectAgainst ThreatsMonitor SystemsFor Compliance

Proactively ProtectAgainst ThreatsMonitor SystemsFor Compliance

Proactively ProtectAgainst ThreatsMonitor SystemsFor Compliance

Discover, Manage & RecoverInformationProvision, Optimize & RemediateSystems

Discover, Manage & RecoverInformationProvision, Optimize & RemediateSystems

Discover, Manage & RecoverInformationProvision, Optimize & RemediateSystems

Information Security

Drive faster, better decision-making

Gain early visibility into threats, vulnerabilities, and environmental factors

Increase internal expertise

Information Availability

Insight & Expertise

Information IntegrityGetting To Information Integrity
information integrity support the business

Complexity

Cost

Information Security

InformationIntegrity

Information Availability

Compliance

Information IntegritySupport The Business

, and Manage Constraints

Standardize and Automate Processes

Develop Greater Resilience in the Infrastructure

Consolidate for Efficiency

Manage Constraints

Manage Opportunity

protect brand equity and customer trust the network has changed

Company users on

Unmanaged laptops, kiosks,

home PCs, etc.

Business Partners on

Managed or unmanaged endpoints

Customers on unmanaged

endpoints

Protect Brand Equity and Customer TrustThe Network Has Changed . . .

Datacenter

Mobile Enterprise

Corporate Network

Company users on

managed desktops

Company users on

Managed laptops

Unix Servers

Company users on

managed laptops

Guest Users on

Unmanaged endpoints

Windows Servers

IPSec VPN

Linux Servers

SSL VPN

DMZ

Web Farm

Portals

Mail

protect brand equity and customer trust a new strategy
Protect Brand Equity and Customer Trust A New Strategy
  • Institutions must deploy a defense-in-depth strategy
  • Only allow “authorized” endpoints to connect to the network
  • Determine if the endpoint is defended and meets the requirements of admission
  • Execute a series of policy checks on the endpoint to determine its risk level
  • Automatically quarantine & remediate
  • Proactively enforce security policy with technology
  • Stop day zero threats from propagating & causing harm
  • Protect information throughout its lifecycle
  • Monitor, audit & archive security events
protect brand equity and customer trust symantec s endpoint security solutions
Protect Brand Equity and Customer Trust Symantec’s Endpoint Security Solutions

Symantec’s acquisition of Sygate and

WholeSecurity addresses several new

aspects of endpoint protection and

compliance

Symantec Endpoint Protection

Symantec Sygate Enterprise Protection

Symantec Critical System Protection

Symantec AntiVirus/Symantec Client Security

Symantec On-Demand Protection

Host Integrity and Virtual Desktop

Malicious Code Protection (WS)

Symantec Embedded Security

Symantec Network Access Control

protect brand equity and customer trust ip atm security helps retail banks meet new requirements
Protect Brand Equity and Customer Trust IP-ATM Security Helps Retail Banks Meet New Requirements

“With over 40 billion transactions

coming in globally through the ATM

channel every year – more than through

any other single delivery channel –

many banks will deploy the most advanced ATM technology available, leveraging those interactions as much as possible to increase customer service and increase opportunities to deepen the customer’s relationship with the bank.”

– Jerry Silva, TowerGroup

  • New regulations
  • Customer-centricity
  • Advanced functionality
  • New cost paradigms
protect brand equity and customer trust challenge solution benefit
Protection

Compliance

Reduced complexity

Symantec Solution:Protection & Compliance

Challenge

Benefit

Protect Brand Equity and Customer Trust Challenge – Solution – Benefit
  • Open networks are susceptible to malicious attacks
  • MS Windows platform exposes the networks to known and unknown threats
  • Eliminating the exposure is complex and costly
  • Eliminates exposure of 5x9 availability of open networks and Windows platform
  • Eliminates audit and regulatory failures, violations, and fines
  • Reduces costs
protect brand equity and customer trust defense in depth strategy symantec ip atm security

Distribution Channel – ATM

Risk Management

Policy Compliance

Incident Management

Assess impact of security and availability risks

Monitor

and test IT

controls

Correlate

and prioritize events

for tracking

Remediation Management

Remediate

IT control gaps

Global Insight

Data Center

Risk Management

Document, Record, & Report

Enterprise Servers

Demonstrate compliance and auditable processes; disclose security breaches

Protect corporate assets

from incoming threats

Router

Gateway

Branch ATM

Protect Brand Equity and Customer Trust Defense in Depth Strategy: Symantec IP-ATM Security
protect brand equity and customer trust defense in depth strategy symantec ip atm security1

Symantec DeepSight,

  • Symantec Discovery

Consulting Services

  • Symantec Enterprise

Security Manager w/ Symantec Sygate Enterprise Protection

  • Symantec Information

Manager

Global Insight

Data Center

Enterprise Servers

Document, Record, & Report

Risk Management

Router

  • SGS 5600 [FW/VPN/IDS/IPS/AV]
  • SNS 7100 [IDS/IPS]
  • SDS 3.1 [Honeypot]
  • Symantec Enterprise Security Manager w/ Symantec Sygate Enterprise Protection

Gateway

Branch ATM

Protect Brand Equity and Customer Trust Defense in Depth Strategy: Symantec IP-ATM Security

Distribution Channel – ATM

Risk Management

Policy Compliance

Incident Management

Remediation Management

  • Symantec LiveStateRecovery w/iPatch
  • Symantec Ghost

Symantec Client Security

operational availability threats to availability of data and systems
Operational AvailabilityThreats to availability of data and systems

DATA CORRUPTION

COMPONENT FAILURE

APPLICATION FAILURE

HUMAN ERROR

MAINTENANCE

SITE OUTAGE

operational availability secure business continuity
Operational AvailabilitySecure Business Continuity
  • Main BC focus limited to compliance with Disaster Recovery requirements
  • 70% of firms who could not access their data within 3-5 days after the 1989 San Francisco earthquake & 1st World Trade Center bombing went out of business
  • In light of recent events, 59% of CIOs surveyed have increased spending for and focus on Business Continuity Initiatives. Includes all industries and Governments
  • Only 26% of all organizations have calculated the cost of downtime.
  • In 1H 2005, finance and manufacturing organizations lost 16% and 9% of annual revenues respectively due to downtime
  • 66% of enterprises don’t test their disaster recovery plan yearly

*Based on Financial Times paper, “Business Continuity and Disaster Recovery”, June 2005, Symantec customer research, EMS reports

secure business continuity from symantec from prevention to remediation to recovery

Prevention - Outside

Prevention - Inside

Vulnerability Identified and/or Infrastructure Instrumentation &

Early Warnings Sent

Vulnerability Proactively Blocked Application Failed Over

Availability of Application Systems and Data Assured

Reports on attacks and outages; service levels met; RTO/RPOs achieved

Insight

Internet

Remediation

Recovery

Patches & Updates Implemented Across Infrastructure

Applications RecoveredData Restored

Identify Systems to Patch

Identify Points of Attack, Application Failures, Data Loss

Secure Business Continuity from SymantecFrom Prevention to Remediation to Recovery
hdfc bank data protection storage management
HDFC BankData Protection, Storage Management
  • Challenge
    • Ensure 24x7 information availability and centralize IT management
  • Solution
    • Deploy data protection and storage managementbased on:
      • VERITAS NetBackup 5.1 Enterprise Server
      • VERITAS Storage Foundation
  • Benefits
    • 98% ROI achieved since installation in 2003
    • 50% productivity improvement for data center staffusing NetBackup
    • 10% productivity improvement for data center staffusing Storage Foundation
    • 50% growth in data volumes without increasing backup time
    • Accommodating rapid business growth that includes three new branches weekly
slide20
Corporate Governance and Regulatory ComplianceIT Compliance - Threat to Achieving & Sustaining Compliance
  • Time and Cost
    • Manual and inefficient processes
    • Redundant or ineffective IT controls
    • Explosive data growth/expanding retention periods
  • Inconsistency and De-centralization
    • No standardized processes
    • Fragmented IT testing efforts
  • Measurement and Reporting
    • Processes not auditable
    • Issues with timeliness and accuracy
  • Multi-division company’s audit and related fees increased 77% in 2004 due to de-centralized internal controls testing process (USA Today, 2005)
  • Greater than 90% of companies decentralize SOX 404 certification and greater than 75% decentralize SOX 302 certification (IDC, 2005)
  • Complexity
    • IT infrastructure
    • Multiple regulations to address simultaneously
corporate governance and regulatory compliance symantec methodology for it compliance

Establish IT Controls

Sustain Controls Compliance

Assess Compliance Posture

Conduct A Regulatory Gap and Impact Assessment

Implement, Document and Remediate Controls

Measure, Test, Record, and Report on Compliance

  • Analyze risks
  • Inventory IT controls
  • Collect documentation
  • Review with internal auditors
  • Perform gap analysis
  • Evaluate against industry best practices
  • Develop detailed plan to address findings
  • Recommended controls are designed and implemented
  • New controls and processes documented and communicated
  • Test plan developed
  • Remediation of control gaps
  • New controls and processes are tested by auditors
  • Adjust controls as requested by auditors
  • Integrate measurement, testing and reporting into standard operations
  • Develop security awareness
Corporate Governance and Regulatory ComplianceSymantec Methodology for IT Compliance
corporate governance and regulatory compliance it compliance solutions from symantec

Resilient Infrastructure

4

Remediation Mgt.

Establish IT Controls

2

Remediate ITcontrol gaps

Design & implement security and availability controls

3b

5

Policy Compliance

Policy Compliance

Monitor and test IT controls

Monitor and test IT controls

Document, Record and Report

6

Demonstrate compliance and auditable processes

Sustainable

Process

1

Discovery

Assess impact of security & availability risks

Corporate Governance and Regulatory ComplianceIT Compliance Solutions from Symantec

3a

Incident Management

Correlate and prioritize events for tracking

corporate governance and regulatory compliance symantec offers an integrated security solution
Corporate Governance and Regulatory ComplianceSymantec Offers an Integrated Security Solution

Protect critical systems from internal or external threats

Ensure private client information is not compromised

Early Warning (DeepSight)

Provide early warning on new threats

Policy Management (ESM)

Determine which systems are impacted by this threat because the safeguard has not been deployed

Real-time Threat Management (SSIM)

Correlates and prioritizes threat information, providing early warning remediation guidance to reduce hours researching information

Remediation Management (LiveState CMS)

Evaluate and deploy the appropriate safeguards before private customer data or systems are compromised

slide24

Corporate Governance and Regulatory ComplianceCustomer Success Story – Global Financial Institution

  • Profile
    • 200 million customer accounts in 100 countries with assets over $1 Trillion
    • 141 Million credit card customers in 43 countries
    • 3,000 bank branches in North America plus 1,500 locations in 108 countries
    • 380,000 desktops globally with 50,000 servers globally
  • Challenge
    • Internal tools could not scale
    • Third party tool could not provide accurate reports in a timely manner
    • Too many tools and manual reporting
    • Failed an audit of the controls environment covering 10,000 Win2k servers
  • Solution
    • Partnership approach with competitive pricing
    • Established a global program to drive and support implementation
  • Benefits
    • Customer Experience: Smooth and project delivered on time
    • Customer Audit: Met Corrective Action Plan objectives within six months
    • “One of the best vendor experiences that I’ve ever had” – VP of Operations
the right thing to do elements of a complete program
The “Right” Thing To DoElements of a Complete Program
  • Reflect organizational security objectives in policy and standards
  • Assign roles/responsibilities and organize resources
  • Know what information you have and who it belongs to
  • Know what information is sensitive and why
  • Know what threatens the information you hold
  • Know where the information is/goes (flows) and what form it is in
  • Define the degree of protection required and/ or justified
  • Evaluate/ design, procure/ develop, implement, operate, and maintain controls that satisfy the above requirements AND monitor the control environment AND report status to management
  • Detect attacks, respond to those that succeed and recover operations
  • Learn, adjust, adapt … train and communicate
how symantec can serve you best of breed technologies and expertise
How Symantec Can Serve YouBest of Breed Technologies and Expertise
  • World’s Leading Security, Backup and Archive, and File System Software Company (IDC)
  • Recognized Industry Leadership (Gartner):
    • Email Archiving
    • Email Security
    • Enterprise Backup and Restore
    • Enterprise AntiVirus
    • Personal Firewall
    • Managed Security Services
    • Storage Management
    • J2EE Application Server Management

Leadership…

how symantec can serve you staying ahead of the curve
How Symantec Can Serve YouStaying Ahead of the Curve
  • Over US$700 Million Annual Investment in R&D
  • Over 200 Patents for Industry-Leading Technical Innovation
  • Dedicated Advanced Concepts Lab Chartered With Fast-Track Development of Cutting-Edge Technologies

Innovation…

how symantec can serve you global intelligence
How Symantec Can Serve YouGlobal Intelligence
  • Symantec tracks vulnerabilities in 30,000 technologies, operation systems, and applications from more than 4,000 vendors
  • Symantec tracks emerging security threats with a network of over 24,000 sensors on networks in over 180 countries.
  • Symantec’s Probe Network monitors global spam and phishing activity from a network of over 2 million decoy email accounts

Knowledge…

slide29

How Symantec Can Serve YouA Record of Success

  • Over 120,000,000 Systems Protected Worldwide
  • The 4th Largest Independent Software Company in the World
  • Represented in Over 95% of the Fortune 500
  • Over 23 years of industry experience

Trust…